From fd39d4adce093591589354a18671068ab7eab719 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jandd@cacert.org>
Date: Fri, 25 Dec 2020 08:13:22 +0100
Subject: [PATCH] Add a signer variant with ancient base image

The production signer is using a really old base OS (Debian 4.0 Etch or
5.0 Lenny) with some packages like openssl from Debian 6.0 Stretch. This
commit uses the oldest available Docker base image to make a somewhat
reproducible variant of this OS.
---
 signer.Dockerfile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/signer.Dockerfile b/signer.Dockerfile
index 448dff2..d1d8227 100644
--- a/signer.Dockerfile
+++ b/signer.Dockerfile
@@ -1,8 +1,10 @@
-FROM debian:jessie
+# should be etch or lenny but dockerhub doesn't have such old versions
+FROM debian:squeeze
 
-RUN apt-get update \
+RUN echo "deb http://archive.debian.org/debian squeeze main" > /etc/apt/sources.list ; \
+    apt-get -o=Acquire::AllowInsecureRepositories=true update \
     && DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y --no-install-recommends \
+    apt-get -o=APT::Get::AllowUnauthenticated=true install -y --no-install-recommends \
     gnupg \
     libdevice-serialport-perl \
     libdigest-sha-perl \